0 Replies Latest reply on Dec 13, 2011 12:32 PM by Scott Lopez

    Token Encryption

    Scott Lopez Newbie

      I've been looking into how jboss does encryption between the client and the service.  I have jboss working using the configuration file jboss-wsse...


      encryption works great for the body, however, jboss doesn't encrypt the headers.  Since the SAML token is sent across in a Security header, what are my options for protecting the token?  I saw "EncryptToken" in the picketlink-sts.xml file, does this encrypt the entire token? 


      If it works, does it encrypt the entire token?  What do I have to do on the JBoss service side, if anything?


      Thanks in advance.